A new report from LayerX has sounded the alarm on the dangerous security threats that browser extensions represent to enterprises. The Enterprise Browser Extension Security Report 2025 uncovers a shocking truth—99% of your employees’ devices have browser extensions installed. Among these users, 52% run more than ten different extensions at once! The heavy use of these tools points to a pressing need for organizations to address their weaknesses head-on. Too frequently, these vulnerabilities are downplayed in cybersecurity discussions.
The report further indicates that users have incorporated browser extensions into their daily workflows. This ubiquity makes them one of the largest threat surfaces. Moreover, over 50% of enterprise users’ extensions have the capability to read sensitive data, including cookies, passwords, page content, and activity from all tabs in the browser. These alarming statistics should prompt organizations to re-evaluate their data privacy and security measures.
Underestimated Threat Surface
Browser extensions are one of the most commonly underestimated attack vectors in any cybersecurity conversation, let alone Congress’, noted Snyder. The annual report uncovers that 79% of publishers have released only a single extension. Alarmingly, 51% of all extensions—representing a huge number of widely used and potentially dangerous extensions—haven’t been updated in more than a year. This challenge is exacerbated by a general lack of maintenance, which raises the chances that vulnerabilities can be exploited by bad actors.
Even among enterprise extensions, the report shows that 26% are sideloaded. This practice lets them bypass even the minimal vetting that extension stores typically require. As an unintended consequence, unverified and sometimes malicious software enters enterprise environments, adding to an already complex security landscape.
To address these risks, organizations need to start by performing deep audits of all browser extensions used by employees. Figuring out what extensions have been installed and reviewing their permissions is one of the most important steps to making sure that sensitive data stays secure.
Unidentified and High-Risk Publishers
The report’s authors are troubled by the anonymity of most extension publishers. More than half of extension publishers, 54%, remain unidentified. Because they can often only be traced through Gmail addresses, accountability and trust in these tools are degraded. Such opacity makes it difficult for organizations to determine which extensions are safe for their users.
Moreover, the results show that over one-fifth of users have at least one Generative AI (GenAI) extension installed. A mind-boggling 58% of GenAI extension users have high-risk permission scopes. This means these tools could be given access to sensitive enterprise data, which introduces a major risk. The report underscores the need for enterprises to define clear policies regarding GenAI extension usage and data sharing to minimize exposure.
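The audit the report recommends (inventory every installed extension, then review its permissions, provenance and maintenance state) can be expressed as a small policy check. The following is an added example, not code from LayerX or the report: it takes a constructed inventory of extension manifests, flags the permission names and host patterns that grant access to the data classes the report names (cookies, page content, all-tab activity), treats the absence of the Chrome Web Store update URL as a possible sideload, and flags anything not updated in over a year. The risk tiers, the sample extensions and the one-year threshold are this example's own assumptions; the permission and manifest field names are real Chrome extension manifest keys.

```python
import json
from datetime import date, timedelta

# Real Chrome extension permission names; grouping them as "high risk" is this
# example's own choice, based on the data classes the report calls out.
HIGH_RISK_PERMISSIONS = {"cookies", "tabs", "webRequest", "debugger",
                         "history", "clipboardRead"}
# Host patterns that give an extension access to every page the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Extensions installed from the Chrome Web Store carry this update_url;
# its absence is used here as a heuristic for a sideloaded/unpacked extension.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
STALE_AFTER = timedelta(days=365)  # assumption: mirrors the report's one-year figure

# Constructed inventory (not real extensions): one record per installed
# extension, holding the manifest plus the date the collector last saw it change.
SAMPLE_INVENTORY = [
    {"id": "aaaa", "last_updated": "2025-03-01",
     "manifest": {"name": "Tab Tidy", "manifest_version": 3,
                  "permissions": ["storage"], "host_permissions": [],
                  "update_url": WEBSTORE_UPDATE_URL}},
    {"id": "bbbb", "last_updated": "2025-01-15",
     "manifest": {"name": "AI Writer Helper", "manifest_version": 3,
                  "permissions": ["tabs", "cookies", "scripting"],
                  "host_permissions": ["<all_urls>"],
                  "update_url": WEBSTORE_UPDATE_URL}},
    {"id": "cccc", "last_updated": "2022-06-10",
     "manifest": {"name": "Legacy Tool", "manifest_version": 2,
                  # Manifest V2 lists host patterns inside "permissions".
                  "permissions": ["webRequest", "http://*/*"]}},
]


def host_patterns(manifest):
    """Collect host patterns from both MV3 host_permissions and MV2 permissions."""
    perms = manifest.get("permissions", [])
    from_perms = {p for p in perms if "://" in p or p == "<all_urls>"}
    return set(manifest.get("host_permissions", [])) | from_perms


def audit_extension(entry, today):
    """Return the findings for one inventory record (empty list = no concerns)."""
    m = entry["manifest"]
    perms = set(m.get("permissions", []))
    findings = []

    risky = sorted(perms & HIGH_RISK_PERMISSIONS)
    if risky:
        findings.append("high-risk permissions: " + ", ".join(risky))

    broad = sorted(host_patterns(m) & BROAD_HOST_PATTERNS)
    if broad:
        findings.append("broad host access: " + ", ".join(broad))

    if m.get("update_url") != WEBSTORE_UPDATE_URL:
        findings.append("no Web Store update_url (possibly sideloaded)")

    last = date.fromisoformat(entry["last_updated"])
    if today - last > STALE_AFTER:
        findings.append(f"not updated since {last.isoformat()}")

    return {"id": entry["id"], "name": m.get("name", "?"), "findings": findings}


def audit_inventory(inventory, today=None):
    """Audit every record; `today` may be a date, an ISO string, or None (= now)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    return [audit_extension(e, today) for e in inventory]


def flagged(results):
    """Only the extensions that produced at least one finding."""
    return [r for r in results if r["findings"]]


if __name__ == "__main__":
    for r in flagged(audit_inventory(SAMPLE_INVENTORY, "2025-06-01")):
        print(json.dumps(r, indent=2))
```

In practice the inventory would be gathered by a browser-management tool or by reading each profile's extension manifests; the point of the check is that a single pass over permissions, host patterns, update source and age surfaces exactly the categories the report measures, so the output can feed an allow-list or a policy review rather than a one-off scan.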
The Importance of Clear Policies
Given this evidence, it is critical for organizations to implement policies that thoughtfully address the use of browser extensions. Specifically, the report calls on companies to review their currently installed extensions and highlights the need to establish guidelines on what kinds of extensions are appropriate.
As the development of browser extensions advances, so too will their adoption as a part of everyday business functions. Consequently, organizations need to be on constant high alert, always anticipating and working against potential security threats. Through the implementation of stronger policies and increased audits, enterprises can reduce the risks posed by browser extensions.